Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access

medium Nessus Plugin ID 11549

Language:

Synopsis

The remote host is vulnerable to inforamtion disclosure.

Description

The remote host includes a CGI (/cgi-bin/readfile.tcl) which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon (typically 'nobody').

Solution

Contact the vendor for the latest version of this software.

See Also

https://seclists.org/bugtraq/2003/Apr/301

Plugin Details

Severity: Medium

ID: 11549

File Name: nokia_readfile.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 4/24/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning